This invention relates to cryptography, and more particularly, to cryptographic systems with halting key derivation function capabilities.
Cryptographic systems are used to secure data in a variety of contexts. For example, encryption algorithms are used to encrypt sensitive information such as financial account numbers, social security numbers, and other personal information. By encrypting sensitive data prior to transmission over a communications network, sensitive data may be secured, even if it passes over an unsecured communications channel. Sensitive data is also sometimes encrypted prior to storage in a database. This helps to prevent unauthorized access to sensitive data by an intruder.
Cryptographic systems may use cryptographic keys to encrypt and decrypt data. In a symmetric key system, the same key is used during decryption that was used during encryption. These keys can be generated from user-supplied passwords using a key derivation function. The strength of a password-based cryptographic system is related to how long it might take an attacker to correctly guess a password. System strength is affected by the type of password that is chosen and by the type of key derivation function that is used to derive the key from the password.
A password-based cryptographic system may be strengthened by increasing the complexity of its password. For example, a user may avoid using common words or names as passwords. The more complex a password is, the longer it will generally take an attacker to correctly guess the password. However, strengthening a system in this way requires that a user be able to remember a complex password. This can be burdensome for the user. Alternatively, increasing the difficulty of deriving a cryptographic key will force a potential attacker to spend more time calculating a cryptographic key for each guessed password.
A conventional key derivation function creates a reproducible cryptographic key from a password and random data called a salt that is made public. Use of the salt as an input to the key derivation function precludes a potential attacker from using a precalculated dictionary-based lookup table as a shortcut. Key derivation functions may scramble a password and salt by applying a hash function to the password and salt a fixed number of times. The result of this operation may serve as the cryptographic key. The use of multiple iterations of the hash function serves to slow down cryptographic attackers that are attempting to guess a correct password from a “dictionary” of possible or likely passwords. The number of iterations used for the hash function in this type of conventional key derivation function is a publicly known constant value. Because the number of iterations is publicly known, attackers who are attempting to guess a password only need to run a key derivation function to its publicly known maximum iteration count.
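The following added example (not part of the original text) sketches the conventional scheme described above and measures its two properties: a lookup table built under one salt is useless under another, and each password guess costs exactly the public iteration count. SHA-256, the iteration count of 1000, the salts, the word list and all function names are assumptions chosen for illustration; this is not a standardized key derivation function.

```python
import hashlib
import hmac

ITERATIONS = 1000  # assumed public, fixed iteration count (constructed value)


def derive_key(password: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Hash password and salt, then re-hash the result a fixed number of times."""
    state = hashlib.sha256(password + salt).digest()
    for _ in range(iterations - 1):
        state = hashlib.sha256(state).digest()
    return state


def precomputed_table(candidates, salt, iterations=ITERATIONS):
    """Key -> password lookup table; only valid for the salt it was built with."""
    return {derive_key(c, salt, iterations): c for c in candidates}


def guessing_cost(candidates, salt, target_key, iterations=ITERATIONS):
    """Return (matching candidate or None, hash invocations spent).

    Each guess costs exactly `iterations` hash calls, because the count is a
    public constant and nothing forces a guesser to compute past it.
    """
    hash_calls = 0
    for guess in candidates:
        hash_calls += iterations
        if hmac.compare_digest(derive_key(guess, salt, iterations), target_key):
            return guess, hash_calls
    return None, hash_calls


def demo():
    words = [b"letmein", b"hunter2", b"correct horse"]  # constructed sample list
    salt_a = bytes(16)            # constructed salt used to build the table
    salt_b = bytes([1]) * 16      # constructed salt of the protected key
    key_b = derive_key(b"hunter2", salt_b)
    table_hit = key_b in precomputed_table(words, salt_a)
    found, calls = guessing_cost(words, salt_b, key_b)
    return table_hit, found, calls


if __name__ == "__main__":
    print(demo())  # (False, b'hunter2', 2000)
```

The total work for a word list is bounded by its length times the iteration count, which is the fixed ceiling the paragraph above identifies as the weakness of a publicly known count.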
The availability of multi-core processors has increased the processing power available to attackers relative to users. Because conventional key derivation functions rely on the iterated application of a cryptographic hash function for a fixed number of iterations, conventional key derivation functions generate keys using a sequential computational process. As a result, conventional key derivation functions have generally only been implemented using single-core platforms. On the other hand, attackers can, in principle, run multiple trial passwords through conventional key derivation functions simultaneously using many independent computers, each of which may be equipped with multiple computing cores.
It would therefore be desirable to provide a key derivation function with enhanced security features.